Art Unit: 2173

DETAILED ACTION 

1. Claims 1-30 are pending in this application and have been examined. 



Specification 

2. Applicant is reminded of the proper language and format for an abstract of the 
disclosure. 

The abstract should be in narrative form and generally limited to a single 
paragraph on a separate sheet within the range of 50 to 150 words. It is important that
the abstract not exceed 150 words in length since the space provided for the abstract 
on the computer tape used by the printer is limited. The form and legal phraseology 
often used in patent claims, such as "means" and "said," should be avoided. The 
abstract should describe the disclosure sufficiently to assist readers in deciding whether 
there is a need for consulting the full patent text for details. 

The language should be clear and concise and should not repeat information 
given in the title. It should avoid using phrases which can be implied, such as, "The 
disclosure concerns," "The disclosure defined by this invention," "The disclosure 
describes," etc. 



Claim Rejections - 35 USC §112 

3. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

4. Claims 2, 3 and 6 are rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject 
matter which applicant regards as the invention. 



5. Claims 2, 3 and 6 recite the limitation "said step" in line 1. There is insufficient
antecedent basis for this limitation in the claim. 
Appropriate correction is required. 

Claim Rejections - 35 USC § 101

6. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

7. Claims 18-25 are rejected under 35 U.S.C. 101 because the claims are 
directed to non-statutory subject matter. 

Paragraph [0032] provides intrinsic evidence that the computer readable medium of 
claims 18-25 is intended to cover embodiments where the medium is a wire medium 
such as a wired network or direct-wired connection. While wire is a manufacture within 
the meaning of 101, in and of itself, it does not enable the instructions of claims 18-25
to act as a computer component and realize its functionality. The specification also
provides evidence that the medium is intended to cover embodiments where the
medium is a modulated data signal such as a carrier wave or other transport mechanism
and includes any information delivery media. The signal itself is a form of energy rather 
than a machine, manufacture, process or composition of matter. As such, it fails to fall 
within a statutory category. 

Claim Rejections - 35 USC § 102

8. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

9. Claims 1, 3-4, 12-13, 15, 17-18 and 26-27 are rejected under 35 U.S.C. 102(b)
as being anticipated by Boebert et al. (Boebert, US 5,822,435). 

10. As to independent claim 1, Boebert discloses a method for maintaining the
security of data displayed on a display for a system comprising a secured execution 
environment and a second execution environment (fig. 2, "trusted subsystem", 
"untrusted subsystem"), comprising: storing an image of at least one nexus graphical 
user interface element (col. 5, lines 33-36; "trusted window") associated with a first 
process running on said secured execution environment (col. 5, lines 14-18; "trusted 
path mode"); and displaying said nexus graphical user interface element on said display 
completely on a display, such that no part of said nexus graphical user interface 
element is obscured by a graphical user interface element associated with said second 
execution environment on said display (col. 5, lines 33-43; no part of the nexus GUI is
obscured because the nexus GUI is "overlaid" on top of the screen display).

11. As to independent claim 12, Boebert discloses a method for maintaining the
security of data displayed on a display for a system comprising a secured execution 
environment and a second execution environment, comprising: storing public title
information and a private title information for a nexus graphical user interface element 
associated with a process running on said secured execution environment; using said 
private title information for window management functions on said secured execution 
environment when displaying said nexus graphical user interface element; and 
providing said public title information for use in said second execution environment 
(col. 5, lines 33-43; col.7, lines 20-25; col.8, lines 45-50; private title information is 
contained in secret information, and the public title information is contained in the 
unclassified information in order to prevent data of different security level from being 
mixed). 

12. As to independent claim 15, Boebert discloses a computer-readable medium 
containing computer executable instructions to maintain the security of data displayed 
on a display for a system comprising a secured execution environment and a second 
execution environment (fig.2, "trusted subsystem", "untrusted subsystem"), the 
computer-executable instructions to perform acts comprising: storing an image of at 
least one nexus graphical user interface element (col. 5, lines 33-36; "trusted window") 
associated with a first process running on said secured execution environment (col. 5, 
lines 14-18; "trusted path mode"); and displaying said nexus graphical user interface 
element on said display completely on a display, such that no part of said nexus 
graphical user interface element is obscured by a graphical user interface element 
associated with said second execution environment on said display (col. 5, lines 33-43;
no part of the nexus GUI is obscured because the nexus GUI is "overlaid" on top of the
screen display). 

13. As to independent claim 26, Boebert discloses a computer-readable medium
containing computer executable instructions to maintain the security of data 
displayed on a display for a system comprising a secured execution environment and a 
second execution environment, the computer-executable instructions to perform acts 
comprising: storing public title information and a private title information for a nexus 
graphical user interface element associated with a process running on said secured 
execution environment; using said private title information for window management 
functions on said secured execution environment when displaying said nexus 
graphical user interface element; and providing said public title information for use in 
said second execution environment (col. 5, lines 33-43; col. 7, lines 20-25; col. 8, lines 45-50;
private title information is contained in secret information, and the public title
information is contained in the unclassified information in order to prevent data of 
different security level from being mixed). 

14. As to claims 3 and 17, Boebert discloses displaying said nexus graphical user 
interface element such that no part of said nexus graphical user interface element is 
obscured by a graphical user interface element associated with a second process 
running on said secured execution environment (col. 5, lines 33-43; no part of the
nexus GUI is obscured because the nexus GUI is "overlaid" on top of the screen
display).

15. As to claims 4 and 18, Boebert discloses displaying only graphical user interface
elements on display upon receipt of a user secure display indication (col. 5, lines 27-32). 

16. As to claims 13 and 27, Boebert discloses where said second execution 
environment includes a host window manager for managing graphical user interface 
elements on said display, where said host window manager creates a shadow graphical 
user interface element for said nexus graphical user interface element, and where said 
public title is used by said host window manager (col.5, lines 33-43; col.7, lines 20-25; 
col. 8, lines 45-50; private title information is contained in secret information, and the 
public title information is contained in the unclassified information in order to prevent 
data of different security level from being mixed.). 



Claim Rejections - 35 USC § 103 

17. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

18. Claims 2 and 16 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Boebert in view of Janssen et al. (Janssen, US 6,512,529 B1). 

19. As to claims 2 and 16, Boebert does not disclose ensuring that nexus graphical 
user interface element contains no areas of transparency. 

In the same field of endeavor, Janssen discloses a graphical user interface element 
contains no areas of transparency, (col. 3, lines 23-25); 

It would have been obvious to one of ordinary skill in the art, having the teaching of 
Boebert and Janssen before him at the time the invention was made, to modify the 
secured execution environment interface taught by Boebert to include opaque user 
interface mode taught by Janssen with the motivation being to ensure proper visibility of 
the secured execution environment. 

20. Claims 5-6, 7-8, 10-11, 14, 19-20, 21-22, 24-25 and 28-30 are rejected under 
35 U.S.C. 103(a) as being unpatentable over Boebert in view of Ye et al. (Ye, 
"Trusted paths for browsers: An open-source solution to web spoofing", Feb 4, 
2002). 

21. As to independent claim 5, Boebert discloses a method for maintaining the
security of data displayed on a display for a system comprising a secured execution 
environment and a second execution environment, comprising: displaying a nexus
graphical user interface element, where nexus graphical user interface element is 
associated with a process running on said secured execution environment (col.4, lines 
4-15). Boebert does not specifically disclose storing and display a nexus-user secret
associated with said secured execution environment. 

In the same field of endeavor, Ye discloses storing and display a nexus-user secret
associated with said secured execution environment (Section 4.2 "Synchronized 
random dynamic boundaries"). 

It would have been obvious to one of ordinary skill in the art, having the teaching of 
Boebert and Ye before him at the time the invention was made, to modify the secured 
execution environment interface taught by Boebert to include synchronized random 
dynamic boundaries taught by Ye with the motivation being to provide an effective trust 
judgment about the identity of a graphic interface element in a human-computer 
interaction environment. 

22. As to independent claim 7, Boebert discloses a method for maintaining the 
security of data displayed on a display for a system comprising a secured execution 
environment and a second execution environment (fig.2, "trusted subsystem", 
"untrusted subsystem"), comprising: accepting at least two nexus graphical data 
elements, each associated with a process running on said secured execution 
environment, for display on said display; and displaying at least two nexus graphical
user interface elements, each of said nexus graphical user interface elements
comprising one of said nexus graphical data elements (col. 6, lines 52-56). Boebert
does not disclose a common graphical user interface decoration. 

In the same field of endeavor, Ye discloses a common graphical user interface 
decoration (Section 4.2 "Synchronized random dynamic boundaries"; same window 
borders and styles for trusted environment). 

It would have been obvious to one of ordinary skill in the art, having the teaching of 
Boebert and Ye before him at the time the invention was made, to modify the secured 
execution environment interface taught by Boebert to include synchronized random 
dynamic boundaries taught by Ye with the motivation being to provide an effective trust 
judgment about the identity of a graphic interface element in a human-computer 
interaction environment. 

23. As to independent claim 19, Boebert discloses a computer-readable medium 
containing computer executable instructions to maintain the security of data displayed 
on a display for a system comprising a secured execution environment and a second 
execution environment, the computer-executable instructions to perform acts 
comprising: displaying a nexus graphical user interface element, where nexus graphical 
user interface element is associated with a process running on said secured execution 
environment (col. 4, lines 4-15). Boebert does not disclose storing and display a
nexus-user secret associated with said secured execution environment. Boebert does not
specifically disclose storing and display a nexus-user secret associated with said 
secured execution environment. 

In the same field of endeavor, Ye discloses storing and display a nexus-user secret
associated with said secured execution environment (Section 4.2 "Synchronized 
random dynamic boundaries"). 

It would have been obvious to one of ordinary skill in the art, having the teaching of 
Boebert and Ye before him at the time the invention was made, to modify the secured 
execution environment interface taught by Boebert to include synchronized random 
dynamic boundaries taught by Ye with the motivation being to provide an effective trust 
judgment about the identity of a graphic interface element in a human-computer 
interaction environment. 

24. As to independent claim 21, Boebert discloses a computer-readable medium
containing computer executable instructions to maintain the security of data displayed 
on a display for a system comprising a secured execution environment and a second 
execution environment, the computer-executable instructions to perform acts (fig. 2, 
"trusted subsystem", "untrusted subsystem"), comprising: accepting at least two nexus 
graphical data elements, each associated with a process running on said secured 
execution environment, for display on said display; and displaying at least two nexus
graphical user interface elements, each of said nexus graphical user interface elements
comprising one of said nexus graphical data elements (col. 6, lines 52-56). Boebert
does not disclose a common graphical user interface decoration. 

In the same field of endeavor, Ye discloses a common graphical user interface 
decoration (Section 4.2 "Synchronized random dynamic boundaries"; same window 
borders and styles for trusted environment). 

It would have been obvious to one of ordinary skill in the art, having the teaching of 
Boebert and Ye before him at the time the invention was made, to modify the secured 
execution environment interface taught by Boebert to include synchronized random 
dynamic boundaries taught by Ye with the motivation being to provide an effective trust 
judgment about the identity of a graphic interface element in a human-computer 
interaction environment. 

25. As to independent claim 29, A system for maintaining the security of data 
displayed on a display for a system comprising a secured execution environment and 
a second execution environment (fig. 2, "trusted subsystem", "untrusted subsystem"), 
comprising: secured execution environment storage for storing private title information 
for a nexus graphical user interface element associated with a process running on said 
secured execution environment and a nexus-user secret associated with said secured 
execution environment; second execution environment storage for storing public title
information for said nexus graphical user interface element;
trusted window manager for displaying each of said nexus graphical user interface 
elements on said display completely on a display (col. 5, lines 33-43; col.7, lines 20-25; 
col. 8, lines 45-50; private title information is contained in secret information, and the 
public title information is contained in the unclassified information in order to prevent 
data of different security level from being mixed), such that no part of said nexus 
graphical user interface element is obscured by a graphical user interface element 
associated with said second execution environment on said display (col. 5, lines 33-43; 
no part of the nexus GUI is obscured because the nexus GUI is "overlaid" on top of the
screen display). Boebert does not disclose where each of said nexus graphical user 
interface elements comprises a common graphical user interface decoration and said 
private title information. 

In the same field of endeavor, Ye discloses nexus graphical user interface elements 
comprises a common graphical user interface decoration (Section 4.2 "Synchronized 
random dynamic boundaries"; same window borders and styles for trusted 
environment), and private title information (Section 4.2 "Synchronized random dynamic 
boundaries", secret information such as the border colors, styles and intervals of the 
random changes are considered as private title because the private title is used only 
under a secured execution environment). 

It would have been obvious to one of ordinary skill in the art, having the teaching of
Boebert and Ye before him at the time the invention was made, to modify the secured 
execution environment interface taught by Boebert to include synchronized random 
dynamic boundaries taught by Ye with the motivation being to provide an effective trust 
judgment about the identity of a graphic interface element in a human-computer 
interaction environment. 

26. As to claims 6 and 20, Ye discloses accepting a user nexus-user secret display 
indication; and displaying said nexus-user secret (Section 4.2 "Synchronized random
dynamic boundaries"; the nexus-user secret disclosed here is having trusted and 
untrusted color borders representing each of the nexus and the second execution 
environments). 

27. As to claims 8 and 22, Ye discloses common graphical user interface decoration 
comprises a colored border (Section 4.2, "Synchronized random dynamic boundaries"; 
Section 5.1 "Adding colored boundaries"). 

28. As to claims 10 and 24, Ye discloses changing said common graphical user
interface decoration when a set time period elapses (Section 5.2 "Making the
boundaries dynamic"; the "setInterval" sets the time interval for a change in the
graphical user interface decoration). 

29. As to claims 11 and 25, Ye discloses changing said common graphical user
interface decoration when a user decoration change indication is received (Section 5.2
"Making the boundaries dynamic"; the "example-changeBorder.js" script that is in
charge of the border style is set by a user).

30. As to claims 14 and 28, Boebert discloses displaying each of said nexus 
graphical user interface element on said display completely on a display, such that no 
part of said nexus graphical user interface element is obscured by a graphical user 
interface element associated with said second execution environment on said display 
(col. 5, lines 33-43; no part of the nexus GUI is obscured because the nexus GUI is
"overlaid" on top of the screen display). Boebert does not disclose each of said nexus 
graphical user interface elements comprises a common graphical user interface 
decoration. Storing a nexus-user secret associated with said secured execution 
environment; and displaying a nexus-user secret graphical user interface element 
comprising said nexus-user secret on said display. 

In the same field of endeavor, Ye discloses each of said nexus graphical user interface 
elements comprises a common graphical user interface decoration. Storing a
nexus-user secret associated with said secured execution environment; and displaying a
nexus-user secret graphical user interface element comprising said nexus-user secret
on said display (Section 4.2 "Synchronized random dynamic boundaries"; same window
borders and styles for trusted environment; the nexus-user secret disclosed here is
having trusted and untrusted color borders representing each of the nexus and the 
second execution environments). 

It would have been obvious to one of ordinary skill in the art, having the teaching of 
Boebert and Ye before him at the time the invention was made, to modify the secured 
execution environment interface taught by Boebert to include synchronized random 
dynamic boundaries taught by Ye with the motivation being to provide an effective trust 
judgment about the identity of a graphic interface element in a human-computer 
interaction environment. 

31. As to claim 30, Ye discloses displaying a nexus-user secret graphical user
interface element comprising said nexus-user secret on said display (Section 4.2 
"Synchronized random dynamic boundaries"; the nexus-user secret disclosed here is 
having trusted and untrusted color borders representing each of the nexus and the 
second execution environments). 

32. Claims 9 and 23 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Boebert in view of Ye and in further view of Dhamija (Dhamija, "Hash 
visualization in user authentication", April 2000).

33. As to claims 9 and 23, Boebert does not disclose common graphical user
interface decoration comprises one or more randomly selected images. 

In the same field of endeavor, Ye discloses a common graphical user interface 
decoration (Section 4.2 "Synchronized random dynamic boundaries"; same window 
borders and styles for trusted environment). 

It would have been obvious to one of ordinary skill in the art, having the teaching of
Boebert and Ye before him at the time the invention was made, to modify the secured
execution environment interface taught by Boebert to include synchronized random 
dynamic boundaries taught by Ye with the motivation being to provide an effective trust 
judgment about the identity of a graphic interface element in a human-computer 
interaction environment. 

Ye does not disclose using one or more randomly selected images. 

In the same field of endeavor, Dhamija discloses randomly selected images (Paragraph 
"A prototype image authentication system"); 

It would have been obvious to one of ordinary skill in the art, having the teaching of 
Boebert and Ye, and the teaching of Dhamija before him at the time the invention was 
made, to modify the secured execution environment reorganization interface taught by 
Boebert and Ye to include random selected images taught by Dhamija with the
motivation being to provide an easy to remember and hard to write down trust judgment 
about the identity of a graphic interface element in a human-computer interaction 
environment. 

Conclusion 

34. The prior art made of record on form PTO-892 and not relied upon is considered 
pertinent to applicant's disclosure. Applicant is required under 37 C.F.R. 1.111(c) to 
consider these references fully when responding to this action. The documents cited
therein teach anti-spoofing security methods and GUI elements display priorities.

35. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Haoshian Shih whose telephone number is (571) 270-1257.
The examiner can normally be reached on m-f 0730-1700.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John Cabeca, can be reached on (571) 272-4048. The fax phone number for
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



HSS 




Kieu D. Vu 
Primary Examiner 



